At 01:47 04/02/02 +0200, Jari Arkko wrote:
Martin Duerst wrote:
I tend to disagree. *I* don't want you to receive a message that is faked
and pretends to come from me, but doesn't. Even if you don't care, I do.
I would strongly prefer a system that would not allow this. And my gut
feeling is that most users would be with me on this.
I think the hard question is what level of "authentication" to require.
I am pretty sure 99.99% of users want better protection against spoofed
addresses than we currently have. But I am not sure they are willing to
go as far as mandating a global PKI of all e-mail users. So what's left, then?
Just verifying the two domains but not the users? Self-signed certificates
and ensuring that all messages from the same address come from the same
entity, but not ensuring that the claimed identities are really correct?
Weak form of sender address verification through asking the sender's mail
server to check the claimed address can actually receive messages and that
the message ID is valid? Something else, what?
Hello Jari,
I agree with your points. Users may be happy with something that works
a lot better than what we have now, even if it's not totally perfect.
The important point is that we have something that is part of the system
(as the user sees it) by default, and is only switched off in very
special situations (e.g. collecting statistics on fraud,...), rather
than what we have now, with multiple ways of how it could be done,
none of which actually working in practice.
Regards, Martin.